What is claimed is:

1. A communication control method for controlling communication between 
devices on a predetermined network by using a communication control apparatus 
located on the same level as other devices of the network, the method comprising:

determining at least a cut-off object device of which communication is needed
to be cut-off, according to a set communication control rule; and

providing an address resolution protocol (ARP) packet in which a data link 
layer address is manipulated, to the cut-off object device, 

wherein the cut-off object device is controlled to transmit its data packets to 
manipulated abnormal addresses, and by doing so, communication by the cut-off
object device is cut off. 

2. The communication control method of claim 1, further comprising: 
transmitting an ARP packet including normal address information to a device which is
in a communication cut-off state although the device is not an object of communication
cut-off any more, such that the communication cut-off state is canceled.

3. The communication control method of claim 1, further comprising: setting part 
or all of the data link layer addresses of the cut-off object devices to the data link layer
address of the communication control apparatus or a third data link layer address that is
not of the cut-off object devices, such that communication between cut-off object 
devices is cut off. 

4. The communication control method of claim 1, further comprising: if there is 
collision between the Internet protocol (IP) address of a device newly connected to the
predetermined network and the IP addresses of existing devices, transferring a correct IP
address to the existing devices in a unicast method such that the collision of the IP 
address is prevented. 

5. The communication control method of claim 1, further comprising: collecting
network layer addresses and data link layer addresses of network internal devices for 
which the communication control rule is set. 

6. The communication control method of claim 5, wherein the step of collecting 
address is performed by a first method in which the communication control apparatus 
receives an ARP packet broadcast by a device in the network in order to communicate 
with any other device in the network, and detects a network layer address and a data
link layer address included in the packet, and/or by a second method in which based on
the address of an administration object device which is manually input by a network 
administrator, the communication control apparatus transmits an ARP request packet 
and detects a network layer address and a data link layer address from an ARP reply 
packet transmitted by the administration object device in response to the ARP request
packet.

7. A communication control method for controlling communication between 
devices on a predetermined network, the method comprising: 

collecting network layer addresses and data link layer addresses existing in the 
network, by a communication control apparatus;

storing communication control rules, which are set to perform desired 
communication control for collected addresses by a network administrator, in a 
communication control rule database (DB); 

detecting an address resolution protocol (ARP) packet transmitted by a device 
in the network in order to communicate with another device in the network;

determining whether or not the detected ARP packet corresponds to a
communication cut-off object, by referring to the communication control rule DB; and 

if the packet corresponds to the communication cut-off object, transmitting an
ARP for communication cut-off, wherein communication between network internal 
devices can be selectively controlled when necessary. 

8. The communication control method of claim 7, wherein collecting the
addresses is performed by a first method in which the communication control apparatus 
receives an ARP packet broadcast by a device in the network in order to communicate 
with any other device in the network, and detects a network layer address and a data 
link layer address included in the packet, and/or by a second method in which based on
the address of an administration object device which is manually input by a network
administrator, the communication control apparatus transmits an ARP request packet 
and detects a network layer address and a data link layer address from an ARP reply 
packet transmitted by the administration object device in response to the ARP request 
packet. 

9. The communication control method of claim 7, wherein the objects of setting 
the communication control rule include communication between network layer 
addresses, communication between data link layer addresses, and communication 
between a network layer address and a data link layer address. 

10. The communication control method of claim 7, wherein the objects of setting 
the communication control rule further include communication between network layer 
address and network layer address groups, communication between data link layer 
address and data link layer address groups, communication between network layer
addresses and data link layer address groups, communication between data link layer
addresses and network layer address groups, and communication between network layer 
address groups and data link layer address groups. 

11. The communication control method of claim 7, wherein when a reception side
address is an object of cut-off, a cut-off packet is transmitted to the 'same addresses' as
the reception protocol address. 

12. The communication control method of claim 7, wherein when a transmission
side address is an object of cut-off, a cut-off packet is transmitted to 'all' protocol-data 
link layer addresses belonging to the same network as that of the transmission side 
protocol. 

13. The communication control method of claim 7, further comprising: if a
network internal device transmits an ARP reply packet in response to the ARP request
packet transmitted by the communication control apparatus, retrieving a relation rule
by using a transmission side address included in the detected reply packet, and if the
retrieval result indicates that there is a cut-off rule for the transmission side address,
transmitting a cut-off packet to all protocol-data link layer address DBs (DB-3)
belonging to the same network as that of the transmission side protocol. 

14. The communication control method of claim 7, further comprising: for a 
device which is in a communication cut-off state although the device is not an object of
communication cut-off any more with detection of a network layer packet, transmitting
an ARP packet for canceling the communication cut-off state. 

15. The communication control method of any one of claims 7 and 14, further 
comprising: by referring to the communication control rule DB at regular time interval,
transmitting an ARP request packet for communication cut-off or canceling
communication cut-off according to a communication control rule registered in the DB. 

16. The communication control method of claim 7, further comprising: if a
reception side data link layer address is a cut-off address and there is a packet 
forwarding rule for the address, forwarding the received protocol layer packet with 
having the destination address of the received protocol layer packet as a normal data
link layer address.

17. The communication control method of claim 7, further comprising: if there is 
collision between the Internet protocol (IP) address of a device newly connected to the 
predetermined network and the IP addresses of existing devices, transferring a correct IP
address to the existing devices in a unicast method such that the collision of the IP
address is prevented. 

18. A communication control apparatus which is located on the same level as that 
of devices on a predetermined network; provides an environment where an
administrator of the network can set a communication control rule capable of cutting off
communication between the devices when necessary; while administering the set 
communication control rules in a database, provides an ARP packet in which the data 
link layer address is manipulated, to the devices that are set as the objects of 
communication cut-off, such that data packets transmitted by the communication cut-off
object devices are made to be transmitted to a manipulated abnormal address; and by
doing so, cuts off communication between the communication cut-off object devices. 
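
Added example (not part of the patent text): a passive implementation of the address collection of claims 5 and 6 and the rule lookup of claims 7, 9 and 10, which parses observed ARP payloads, records network-layer to data-link-layer bindings, and checks them against a cut-off rule list. The class and field names, the treatment of a rule as an unordered pair of selectors (IP address, MAC address or group name), and the sample payloads are assumptions; nothing is transmitted.

```python
import socket
import struct

# Constructed sample ARP payloads (Ethernet/IPv4, 28 bytes each); not from the page.
SAMPLE_REQUEST = bytes.fromhex("0001 0800 0604 0001 02000000000a c000020a 000000000000 c0000214")
SAMPLE_REPLY = bytes.fromhex("0001 0800 0604 0002 020000000014 c0000214 02000000000a c000020a")
SAMPLE_CONFLICT = bytes.fromhex("0001 0800 0604 0001 020000000099 c0000214 000000000000 c000020a")

def parse_arp(payload: bytes):
    """Parse an Ethernet/IPv4 ARP payload; return None for anything else."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"oper": oper,
            "sha": mac(payload[8:14]), "spa": socket.inet_ntoa(payload[14:18]),
            "tha": mac(payload[18:24]), "tpa": socket.inet_ntoa(payload[24:28])}

class ControlTable:
    """Collected bindings plus a cut-off rule list (hypothetical structure)."""
    def __init__(self, groups=None, cutoff_rules=None):
        self.bindings = {}                # network layer address -> data link layer address
        self.groups = groups or {}        # group name -> set of IP/MAC members
        self.rules = cutoff_rules or []   # unordered (selector, selector) pairs

    def collect(self, arp):
        """Record the sender binding; return the previous MAC if it changed."""
        old = self.bindings.get(arp["spa"])
        self.bindings[arp["spa"]] = arp["sha"]
        return old if old and old != arp["sha"] else None

    def _selectors(self, ip):
        # Every identifier a rule may name for this host: IP, known MAC, groups.
        ids = {ip}
        if ip in self.bindings:
            ids.add(self.bindings[ip])
        return ids | {g for g, members in self.groups.items() if ids & members}

    def is_cutoff(self, arp):
        """True if sender and target of this ARP packet fall under a cut-off rule."""
        src, dst = self._selectors(arp["spa"]), self._selectors(arp["tpa"])
        return any((a in src and b in dst) or (a in dst and b in src)
                   for a, b in self.rules)
```

A non-None return from `collect()` means an address already in the table is being announced with a different data link layer address, which is how a manipulated ARP packet of the kind described in claim 1 appears to a monitor on the same segment.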